chore(deps): update ghcr.io/traefik/traefik docker tag to v3.6.8

feat: disable l2 announcement
2026-02-12 21:01:45 +00:00 · 2026-02-12 14:24:25 -06:00
7 changed files with 49 additions and 70 deletions
--- a/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
@@ -1,17 +0,0 @@
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumL2AnnouncementPolicy
 metadata:
  name: node-gateway-l2-policy
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: node-gateway-l2-policy
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/hostname: talos-ix7-xku
  interfaces:
    - enp6s0
  externalIPs: true
  loadBalancerIPs: true
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -11,8 +11,6 @@ spec:
  blocks:
    - start: "10.232.1.21"
      stop: "10.232.1.23"
    - start: "10.232.1.100"
      stop: "10.232.1.200"
 ---
 apiVersion: cilium.io/v2
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -1,46 +1,45 @@
-apiVersion: gateway.networking.k8s.io/v1
+# apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
+# kind: Gateway
-metadata:
+# metadata:
-  name: cilium-tls-gateway
+#   name: cilium-tls-gateway
-  namespace: {{ .Release.Namespace }}
+#   namespace: {{ .Release.Namespace }}
-  labels:
+#   labels:
-    app.kubernetes.io/name: cilium-tls-gateway
+#     app.kubernetes.io/name: cilium-tls-gateway
-    app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
+#   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
-    io.cilium/lb-ipam-ips: "10.232.1.100"
+# spec:
-spec:
+#   addresses:
-  addresses:
+#     - type: IPAddress
-    - type: IPAddress
+#       value: 10.232.1.23
-      value: 10.232.1.100
+#   gatewayClassName: cilium
-  gatewayClassName: cilium
+#   listeners:
-  listeners:
+#     - allowedRoutes:
-    - allowedRoutes:
+#         namespaces:
-        namespaces:
+#           from: All
-          from: All
+#       hostname: '*.alexlebens.net'
-      hostname: '*.alexlebens.net'
+#       name: https
-      name: https
+#       port: 443
-      port: 443
+#       protocol: HTTPS
-      protocol: HTTPS
+#       tls:
-      tls:
+#         certificateRefs:
-        certificateRefs:
+#           - group: ''
-          - group: ''
+#             kind: Secret
-            kind: Secret
+#             name: https-gateway-cert
-            name: https-gateway-cert
+#             namespace: kube-system
-            namespace: kube-system
+#         mode: Terminate
-        mode: Terminate
+#     - allowedRoutes:
-    - allowedRoutes:
+#         namespaces:
-        namespaces:
+#           from: All
-          from: All
+#       hostname: 'alexlebens.net'
-      hostname: 'alexlebens.net'
+#       name: https-domain
-      name: https-domain
+#       port: 443
-      port: 443
+#       protocol: HTTPS
-      protocol: HTTPS
+#       tls:
-      tls:
+#         certificateRefs:
-        certificateRefs:
+#           - group: ''
-          - group: ''
+#             kind: Secret
-            kind: Secret
+#             name: https-gateway-cert
-            name: https-gateway-cert
+#             namespace: kube-system
-            namespace: kube-system
+#         mode: Terminate
        mode: Terminate
--- a/clusters/cl01tl/helm/cilium/values.yaml
+++ b/clusters/cl01tl/helm/cilium/values.yaml
@@ -26,7 +26,7 @@ cilium:
        - SYS_ADMIN
        - SYS_RESOURCE
  l2announcements:
-    enabled: true
+    enabled: false
  bgpControlPlane:
    enabled: false
    secretsNamespace:
@@ -38,7 +38,6 @@ cilium:
  bpf:
    hostLegacyRouting: true
  devices: end0 enp6s0
  enableK8sEndpointSlice: true
  ciliumEndpointSlice:
    enabled: true
  ingressController:
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
Author	SHA1	Message	Date
Renovate Bot	2ee34dbd5e	chore(deps): update ghcr.io/traefik/traefik docker tag to v3.6.8 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-docker / lint-docker-compose (pull_request) Successful in 1m43s Details	2026-02-12 21:01:45 +00:00
Alex Lebens	b4919afab0	feat: disable l2 announcement All checks were successful lint-test-helm / lint-helm (push) Successful in 57s Details render-manifests-push / render-manifests-push (push) Successful in 2m12s Details renovate / renovate (push) Successful in 3m13s Details	2026-02-12 14:24:25 -06:00